Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
[
{
"product": "Kibana",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "before 6.6.1"
}
]
}
]